<?php
/*
 * NetfilterEyes - 2008 - Anouar Belkacem
 * This code is a modified copy of the FirewallEyes project source code
 *  
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

// ***************** CONFIGURATION *********************
// Client-IP access control for the web interface.
// Syntax: $IPAuthentication=true|false;
// NOTE(review): shipped disabled, so the allow-list below is presumably not
// enforced (the check itself lives outside this file - confirm). The $tools
// section further down defines "command" entries (ping, traceroute, nmap, ...),
// so enable this, or put the application behind web-server authentication,
// before making it reachable from anywhere but localhost.
$IPAuthentication=false;
// Allowed client IPs, one $allowedClientIP[] line per address.
// NOTE(review): an IP allow-list is only as reliable as the address the
// application sees; behind a reverse proxy every client may appear as the
// proxy's address - verify how the client IP is obtained.
// $allowedClientIP[]="127.0.0.1";
$allowedClientIP[]="127.0.0.1";

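// Log files to parse; the first entry is the default.
// An entry can be a file path such as /etc/log/messages (local or on NFS),
// an HTTP URL such as http://www.host.com/messages,
// or an FTP URL such as ftp://user:password@ftp.host.com/messages.
// Note: http:// and ftp:// sources are fetched unencrypted, and an ftp:// URL
// keeps its password in clear text in this file; prefer local paths where possible.
// Every entry below is commented out as shipped; enable at least one unless
// $logfiles is set elsewhere.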
// $logfiles[]="/var/log/messages";
//$logfiles[]="/var/depotlog/2008/08/30/rms-prd-inf1/kern.log";
//$logfiles[]="messages";
//$logfiles[]="/var/log/messages.2";
//$logfiles[]="/var/log/messages.3";
//$logfiles[]="/var/log/messages.4";
// Automatic submit: reload the log display as soon as a display option
// (search strings, resolving, ...) is changed.
// Syntax: $automaticSubmit=true|false;
$automaticSubmit=true;

// Default number of log lines to display.
$configuration["displayedLines"]=25;

// Resolve IP addresses (presumably to DNS names); left unset in this file.
// NOTE(review): a resolved name is supplied by whoever controls the reverse DNS
// zone of the logged address - treat it as untrusted when displaying it or
// handing it to a tool; confirm how the display code handles this.
//$configuration["resolvIp"]=false;

// Resolve services (presumably port numbers to service names).
$configuration["resolvService"]=true;

// Read the log file starting from the end; left unset in this file.
//$configuration["readFromTheEnd"]=true;

// Exact search.
$configuration["exactSearch"]=false;

// Automatically refresh the page every x seconds; left unset in this file.
//$configuration["automaticRefresh"]=false|true;
//$configuration["automaticRefresh"]=false;

// Refresh interval in seconds; left unset in this file.
//$automaticRefreshInterval=10;

// Columns of the log table, one $logFields[] entry per column.
// Each entry: name, index of the capture group in $LineRegExp, width in pixels,
// type, tool set name.
// type is "ip", "service" or "protocol" (used for resolution) or null.
// The tool set name is a key of $tools or null; only "iptools" is referenced
// here, on the source and destination columns.
// To hide a column, comment its line out with //.
// NOTE(review): every value shown in these columns is text captured from a log
// line - confirm that the display code HTML-escapes it before output.
$logFields[]=Array("date","1","60",null,null);
$logFields[]=Array("time","2","80",null,null);
//$logFields[]=Array("in","6","60",null,null);
//$logFields[]=Array("out","7","60",null,null);
$logFields[]=Array("source","8","120","ip","iptools");
$logFields[]=Array("src port","11","60",null,null);
$logFields[]=Array("destination","9","120","ip","iptools");
$logFields[]=Array("dst port","12","80","service",null);
$logFields[]=Array("protocol","10","60","protocol",null);
$logFields[]=Array("rule","3","30",null,null);
$logFields[]=Array("action","4","70",null,null);
$logFields[]=Array("comments","5","150",null,null);

// IP tools: the tool set named "iptools" in $logFields.
// "type" is either "command" or "url"; "value" is the template to fill in.
// The templates below use the placeholder %p1%. The names %originalParameter%
// (values like the IP address) and %transformedParameter% (values like the DNS
// address) from the original notes appear in no template here - TODO confirm
// which placeholders the substitution code supports.
// NOTE(review): "command" templates are presumably filled in and run through a
// shell on the web server; that code is outside this file. Confirm that the
// substituted value is validated as an IP address or host name and passed
// through escapeshellarg() before execution - $LineRegExp captures SRC/DST as
// \S+, so the pattern alone does not restrict them to addresses. Remove any
// tool that is not needed: an nmap or traceroute run started from a web page is
// a long-running process under the web server account.
$tools["iptools"]["ping"]=		array("type"=>"command", "value"=>"ping -c 5 %p1%");
$tools["iptools"]["traceroute"]=array("type"=>"command", "value"=>"traceroute %p1%");
$tools["iptools"]["DNS lookup"]=	array("type"=>"command", "value"=>"host %p1%");
// whois also names a "precompute" step, "extractdomain" - presumably a function
// applied to the value before substitution; verify against the caller.
$tools["iptools"]["whois"]=		array("type"=>"command", "value"=>"whois %p1%","precompute"=>"extractdomain");
$tools["iptools"]["nmap"]=		array("type"=>"command", "value"=>"nmap %p1%");
// "url" tool: builds a plain-http link from the value.
$tools["iptools"]["HTTP Test"]=	array("type"=>"url", "value"=>"http://%p1%");

// Service tools ("srvtools"): lookup links for a port number.
// NOTE(review): no $logFields entry in this file names "srvtools" as its tool
// set (the "dst port" column has null), so these may be unused or wired up
// elsewhere - confirm. All three links use plain http.
$tools["srvtools"]["ISS Port db"]=	array("type"=>"url", "value"=>"http://www.iss.net/security_center/advice/Exploits/Ports/%p1%/default.htm");
$tools["srvtools"]["IANA ports"]=	array("type"=>"url", "value"=>"http://www.iana.org/assignments/port-numbers");
$tools["srvtools"]["Google"]=	array("type"=>"url", "value"=>"http://www.google.com/search?hl=en&q=port+%p1%");

// Regular expression that identifies a firewall log line: "R", a rule number
// and " [" (the prefix visible in the sample line below).
// The trailing S modifier asks PCRE to spend extra time analysing the pattern;
// it does not change what matches.
$detectLine="/R\d+ \[/S";

// Regular expression that splits a firewall line into fields. Capture groups
// (the "index in regexp" used by $logFields):
//   1 date   2 time   3 rule number   4 action   5 comment   6 IN interface
//   7 OUT interface   8 SRC   9 DST   10 PROTO   11 SPT   12 DPT
// Group 5 is \D*, so a line whose bracketed comment contains a digit does not
// match; SPT= and DPT= are both required, so lines without port fields are not
// parsed by this pattern.
// NOTE(review): groups 6-12 are \S* / \S+, i.e. any run of non-whitespace. The
// pattern does not guarantee that SRC/DST are IP addresses or that the ports
// are numeric, so code that displays the captures or passes them to a tool has
// to validate and escape them itself.
$LineRegExp="/(\w+\s+\d+)\s+(\S+)\s+\S+.*R(\d+) \[(\w+) ?(\D*)\] IN=(\S*) OUT=(\S*) .*SRC=(\S+)\s+DST=(\S+).*PROTO=(\S+).*SPT=(\S+).*DPT=(\S+)/S";

// Sample line (parses as rule 14, action ACCEPT, comment FROM-ME, IN eth1,
// empty OUT, PROTO TCP, SPT 1537, DPT 80):
//Sep 24 18:07:35 passerelle kernel: R14 [ACCEPT FROM-ME] IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=192.168.0.1 DST=172.31.0.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 

?>
